package cn.inst.user.contrller;

import javax.servlet.http.HttpSession;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import cn.inst.user.domain.User;

@Controller
@RequestMapping("user")
public class UserController {
	
	/**
	 * 回到首页
	 * @return
	 */
	@RequestMapping("/home")
	public String Home() {
		System.out.println("home");
		return "home";
	}
	
	/**
	 * 获取Session中的user
	 * @param session
	 * @return
	 */
	@ResponseBody
	@RequestMapping("/userinfo")
	public User getUser(HttpSession session){
		User user=(User) session.getAttribute("userinfo");
		return user;
	}
	
	/**
	 * 退出登录
	 * @param session
	 * @return
	 */
	@RequestMapping("/logout")
	public String logout(HttpSession session){
		session.invalidate();
		Subject subject = SecurityUtils.getSubject();  
	    if (subject.isAuthenticated()) {  
	        subject.logout(); // session 会销毁，在SessionListener监听session销毁，清理权限缓存  
	    }  
		return "login";
	}
}
